WP Travel Engine <= 5.7.9 - SQL Injection

WP Travel Engine 5.7.9 and earlier contains a SQL injection caused by improper neutralization of special elements used in an SQL command, letting attackers execute arbitrary SQL queries, exploit requires user interaction. id: CVE-2024-30502 info: name: WP Travel Engine = 5.7.9 - SQL Injection...

EUVD-2026-18983

The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wtetriptax' shortcode in all versions up to, and including, 6.7.5 due to insufficient input sanitization and output escaping on user supplied...

CVE-2026-2437

The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wtetriptax' shortcode in all versions up to, and including, 6.7.5 due to insufficient input sanitization and output escaping on user supplied...

CVE-2026-2437

The WP Travel Engine – Tour Booking Plugin for WordPress is affected by a Stored Cross‑Site Scripting (XSS) in the wte_trip_tax shortcode, impacting all versions up to and including 6.7.5. The issue arises from insufficient input sanitization and output escaping on user-supplied attributes, enabl...

CVE-2026-2437 WP Travel Engine - Travel and Tour Booking Plugin <= 6.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via wte_trip_tax Shortcode

The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wtetriptax' shortcode in all versions up to, and including, 6.7.5 due to insufficient input sanitization and output escaping on user supplied...

CVE-2026-2437 WP Travel Engine - Travel and Tour Booking Plugin <= 6.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via wte_trip_tax Shortcode

The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wtetriptax' shortcode in all versions up to, and including, 6.7.5 due to insufficient input sanitization and output escaping on user supplied...

WordPress WP Travel Engine - Travel and Tour Booking Plugin plugin <= 6.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via wte_trip_tax Shortcode vulnerability

WordPress WP Travel Engine - Travel and Tour Booking Plugin plugin = 6.7.5 - Authenticated Contributor+ Stored Cross-Site Scripting via wtetriptax Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP Travel Engine versions = 6.7.5...

PT-2026-30314

The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wte trip tax' shortcode in all versions up to, and including, 6.7.5 due to insufficient input sanitization and output escaping on user supplied...

WordPress plugin WP Travel Engine – Tour Booking Plugin – Tour Operator Software 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVE-2025-7526

The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to arbitrary file deletion via renaming due to insufficient file path validation in the setuserprofileimage function in all versions up to, and including, 6.6.7. This makes it possible for...

CVE-2025-7634 WP Travel Engine – Tour Booking Plugin – Tour Operator Software <= 6.6.7 - Unauthenticated Local File Inclusion

The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 6.6.7 via the mode parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on th...

CVE-2025-7634

CVE-2025-7634: WP Travel Engine – Tour Booking Plugin – Tour Operator Software for WordPress is vulnerable to Unauthenticated Local File Inclusion via the mode parameter in versions

CVE-2025-7634 WP Travel Engine – Tour Booking Plugin – Tour Operator Software <= 6.6.7 - Unauthenticated Local File Inclusion

The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 6.6.7 via the mode parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on th...

CVE-2025-7526 WP Travel Engine – Tour Booking Plugin – Tour Operator Software <= 6.6.7 - Authenticated (Subscriber+) Arbitrary File Deletion via File Renaming

The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to arbitrary file deletion via renaming due to insufficient file path validation in the setuserprofileimage function in all versions up to, and including, 6.6.7. This makes it possible for...

CVE-2025-7526

CVE-2025-7526 affects WP Travel Engine – Tour Booking Plugin – Tour Operator Software for WordPress (versions

CVE-2025-7526 WP Travel Engine – Tour Booking Plugin – Tour Operator Software <= 6.6.7 - Authenticated (Subscriber+) Arbitrary File Deletion via File Renaming

The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to arbitrary file deletion via renaming due to insufficient file path validation in the setuserprofileimage function in all versions up to, and including, 6.6.7. This makes it possible for...

WordPress plugin WP Travel Engine 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress plug...

PT-2025-41358

Name of the Vulnerable Software and Affected Versions WP Travel Engine – Tour Booking Plugin – Tour Operator Software versions prior to 6.6.8 Description The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is susceptible to a Local File Inclusion issue in...

WordPress WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin <= 6.6.7 - Unauthenticated Local File Inclusion vulnerability

Unauthenticated Local File Inclusion vulnerability discovered by wesley wcraft in WordPress Plugin WP Travel Engine versions = 6.6.7...

WordPress WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin <= 6.6.7 - Authenticated (Subscriber+) Arbitrary File Deletion via File Renaming vulnerability

Authenticated Subscriber+ Arbitrary File Deletion via File Renaming vulnerability discovered by wesley wcraft in WordPress Plugin WP Travel Engine versions = 6.6.7...